Joining the UK Access Management Federation for Education and Research

Summary of procedure

Early application for membership of the UK Access Management Federation is advised so that once you are ready to participate in the federation, the application process is already completed. Once you are a member, you can take advantage of the many benefits the federation offers.

For further information on joining, please click on the following links. If you have javascript enabled, clicking on the "[+]" symbols will expand each section. Otherwise, click on the section title to be taken to a page with the same content.

NB: Where an applicant intends to use an outsourced provider (see participation options), both the applicant and the external organisation providing the outsourcing service must become members of the federation, and the Management Liaison of the requesting organisation must provide additional outsourced provider information.

Federation Membership Verification Procedures

In order to confirm the membership application of an organisation wishing to join the UK Access Management Federation the following must be verified.

1. Legal status

Only organisations with legal status are entitled to join the UK federation. The Operator makes checks based on the legal name provided in the letter of application. The checks are conducted with a number of official databases which include but are not limited to;

Applicants should take care that the information they have registered with such databases is correct and up to date and that the company name and registered address on their application reflects the information they have registered with the above databases.

Applicants who are Sole Traders should contact the federation helpdesk in advance of their application, as different procedures may be used in their case.

2. Email address of named contacts in letter of application.

The federation operator will contact the individuals named in the letter of application to confirm their email addresses. Named contacts should ensure that they respond promptly.

Once an organisation has joined the federation, there are various options for participation.

In-house

Run and support identity management in-house.There are two options for following this route:

implement the technology wholly through the organisation.

implement the technology using a third party. This option is particularly useful for those organisations who do not have the internal resource or expertise to deploy the initial technical requirements but would like to maintain ultimate control of their user authentication.

Outsourced

Organisational identity management provision may be handled by a third party. For further information about the provision of third-party outsource services in the schools sector please see the document regarding the trust framework for participation of UK schools.

Outsourced service provision: an organisation may outsource service provision to an external organisation without reference to the federation operator. However, where the entityID proposed for the SP entity contains a domain name which does not belong to the external organisation, this procedure should be followed.

Guidance is provided here for an organisation which outsourced identity provision to Eduserv but now wishes to move to using its own local IdP.

Schools

The recommended approach for schools is to join via the Local Authorities (England & Wales) or Regional Broadband Consortia in England, Classroom 2000 in Northern Ireland and Learning & Teaching, Scotland. However, schools may join the federation independently.

Entity registration

Once an organisationís application for membership has been approved, and the option for participation determined, the organisation may register any number of identity provider and service provider entities. Further information is provided for organisations wishing to enter into an outsourcing arrangement.